The Senior Security Engineer must be expert in the design and operation of security controls that utilize off-the-shelf tooling and will focus on the use of cloud native tools and services provided by Amazon Web Services (AWS).
TOP REQUIRED SKILLS:
1. Significant prior experience using AWS services.
2. Prior technical SIEM experience.
3. Python or PowerShell scripting fluency.
What You’ll be Doing:
Responsible for the operation of security control procedures and production of evidence in accordance with security and compliance requirements in the following areas including but not limited to:
1. Security event logging and monitoring
2. Anti-virus for Linux (examples: ClamAV, Sophos)
3. Windows Defender Security Center
4. File Integrity Monitoring
5. Configuration baseline monitoring of AWS environments using Nessus and the CIS benchmarks.
Observe existing security or compliance processes and recommend optimizations that reduce the number of steps or eliminate manual steps in a process without loss of quality.
Design and implement configurations to forward logs to a central indexing and monitoring tool such as Splunk. Create queries to alert on various conditions such as loss of data feeds and anomalous increases in traffic. Develop dashboards and reports. Use the log management system to detect potentially hostile cyber actors and block them.
1. Ensure the collection of appropriate data elements from all cloud-based servers, databases and network hosts in the environment that will enable tracking of actions taken by individual internal or external actors within measurable timelines.
2. Configure the log management system to monitor traffic patterns that are inbound to the system and outbound from the system.
3. Configure visualizations and dashboards.
4. Configure the log management system to detect unusual or anomalous patterns in network traffic and send alerts describing the date/time of the anomalous event and the conditions that triggered the alert.
5. Working individually or as part of a team, triage alerted events and separate false positives from events requiring a remediation response.
6. Prepare and submit incident change management tickets to the appropriate response teams describing the anomalous events and recommending specific remediation actions such as blocking applicable internet protocol address ranges.
7. Monitor open tickets and track them to closure.
8. Prepare supporting documentation as necessary to satisfy applicable FedRAMP, SOC2, ISO27001 and PCI requirements.
Experience We’re Looking For:
• Prior experience with log monitoring and reporting systems such as Splunk or Elasticsearch/Kibana.
• Knowledge of AWS logging tools such as CloudTrail, CloudWatch and GuardDuty.
• Ability to automate manual processes using scripting languages such as PowerShell, Python, or SQL.
• Familiarity with Windows, Linux, Azure DevOps, Jira and Confluence.
• Excellent written and verbal communication skills.
• A security certification: AWS Security Specialty, CISSP or comparable.
• Knowledge of frameworks such as the NIST Cyber Security Framework or the Center for Internet Security Critical Security Controls.
What is Required for You to Apply?
• B.S. in Computer Science or equivalent.
• 5+ years developing security-related scripts and controls.
• 3+ years hands-on experience with at least one of the following: AWS services, Python, SQL, PowerShell, Windows command line, Bash.